Royal Mint "most secure coin in the world" website is insecure

The site looks good. It’s all about how businesses should look out for the new coin and adjust their security practices.

It goes into some detail about just how secure this coin is. They’ve obviously put a lot of thought, time and energy into the micro-lettering and latent image.

It’s a bit funny that a site about security doesn’t use HTTPS. It should be the default for any new site that contains secure or sensitive information, so I was surprised that I wasn’t automatically redirected to HTTPS. Indeed, one of the jobs that HTTPS certificates can do is to put your mind at rest that the site you’re reading was actually served by the organisation it claims to be. That’s a perfect description of this site: you really need to be able to trust information about how to check a new pound coin is genuine.

I tried it.

Crazy. It looks like whoever set the site up recycled the HTTPS certificate from a betting shop.

The mind boggles. I can see how this could have come about if they were using some inexperienced amateur, but on the website for an organisation that’s meant to keep our currency safe and secure this is about as bad as it gets.

Of course, there’s also the other option: this isn’t from the Royal Mint after all, and the BBC were duped. We just don’t know.
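
The certificate mismatch described above is what a browser's hostname check catches: the certificate lists the names it was issued for, and the site being visited is not among them. The following is an added example, not code from this post or from the Royal Mint site; the certificate dictionaries use the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and every hostname in it is a constructed placeholder.

```python
# Added example: check a hostname against a certificate's subjectAltName entries.
# Certificate dicts follow the shape returned by ssl.SSLSocket.getpeercert().
# All hostnames below are constructed placeholders, not the real sites.

def dns_names(cert):
    """Return the lower-cased DNS names listed in subjectAltName."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Match one SAN entry; '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_identity(cert, hostname):
    """Return (ok, names): ok is True only if some SAN entry covers hostname."""
    names = dns_names(cert)
    return any(name_matches(n, hostname) for n in names), names

# Constructed sample: certificate issued for a betting site, served on another host.
REUSED_CERT = {
    "subject": ((("commonName", "www.betting-shop.example"),),),
    "subjectAltName": (("DNS", "www.betting-shop.example"),
                       ("DNS", "*.betting-shop.example")),
}
# Constructed sample: certificate that does cover the coin information site.
CORRECT_CERT = {
    "subject": ((("commonName", "www.new-coin.example"),),),
    "subjectAltName": (("DNS", "www.new-coin.example"),),
}

if __name__ == "__main__":
    for label, cert in (("reused", REUSED_CERT), ("correct", CORRECT_CERT)):
        ok, names = check_identity(cert, "www.new-coin.example")
        print(f"{label}: {'match' if ok else 'MISMATCH'}; certificate covers {names}")
```

A mismatch like the first case tells the visitor nothing about who is really serving the page, which is why browsers stop with a warning rather than loading the site.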